package org.free.server;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.free.client.GreetingService;
import org.free.data.Person;
import org.free.shared.FieldVerifier;

import com.google.appengine.api.datastore.Key;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;

/**
 * The server side implementation of login.
 */
@SuppressWarnings("serial")
public class LoginServlet extends HttpServlet{


	@Override
	protected void doPost(HttpServletRequest req, HttpServletResponse resp)
			throws ServletException, IOException {
		// TODO Auto-generated method stub
		//super.doPost(req, resp);
		
		String username = escapeHtml(req.getParameter("username"));
		String password = escapeHtml(req.getParameter("password"));
		
		
		
		
			req.getSession().setAttribute("userid", validateUser(username,password));
			resp.sendRedirect("/jsp/Main.jsp");
		
		
		
		
	}
	
	private Key validateUser(String username, String password) {
		
		return Person.setPerson(username, password);
		
	}

	
	/**
	 * Escape an html string. Escaping data received from the client helps to
	 * prevent cross-site script vulnerabilities.
	 * 
	 * @param html the html string to escape
	 * @return the escaped string
	 */
	private String escapeHtml(String html) {
		if (html == null) {
			return null;
		}
		return html.replaceAll("&", "&amp;").replaceAll("<", "&lt;")
				.replaceAll(">", "&gt;");
	}
}
